Identity Broker Forum

Welcome to the community forum for Identity Broker.

Browse the knowledge base, ask questions directly to the product group, or leverage the community to get answers. Leave ideas for new features and vote for the features or bug fixes you want most.

+1
Won't fix

How can we re-trigger an AD User provision?

Andrei Nicolas 2 years ago in UNIFYBroker Service updated 1 year ago 4

Hi All

Is there a way to re-trigger an Outbound provision going from the Locker to AD.

- We have done a baseline sync

-  We have checked the criteria required for a provision to AD

Is this a bug or is there a solution already made?

Many thanks

Andrei


+1
Completed

Allow consultants to add any SCIM attribute to the SCIM gateway configuration

Adrian Corston 3 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 weeks ago 3

Allow consultants to add any SCIM attribute (core or extension) to the SCIM gateway configuration.

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

+1
Completed

Scheduled execution of Test Connection on agents

Adrian Corston 4 years ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 years ago 1

An automated periodic execution of the Test Connection functionality on an agent for UNIFYMonitor to pick up and report on would give UNIFY early warning that a low level service problem exists.

[Bob's suggestion]

Answer

Hi Adrian,

This could be completed using the Scheduled Jobs feature of the UNIFYBroker logging engine. This gives access to the $components.AgentEngine component, which has a method void Test(Guid agentId) that could be used to execute tests. Alternatively you could call the REST API from a scheduled job to execute the task.

0

CSV Export for Entity Searches

Liam Schulz 1 week ago in UNIFYBroker Service 0

Hi,

Occasionally we may need to export entity data from Connectors, Adapters etc. to assist with investigating or troubleshooting an issue. I've found that it can be difficult to export information from entity searches. The only way I've really come across is to manually highlight the rows in the entity search and copy across to a spreadsheet to refine.

Just checking if there is an easier way to export entities particularly from refined searches where we may not want all the data? I've considered using the test harness but that only provides a dump from a Connector and is not really useful for Adapter or Locker entity searches. 

Otherwise, would it be possible to include a feature to have the ability to export a CSV of data from the current entity search?

Look forward to hearing your thoughts and feedback.

Thanks

0

UNIFYBroker service failing to start

Hayden Gray 2 weeks ago in UNIFYBroker Service updated 2 weeks ago 2

Version v5.3.2 Revision #0

After performing the following sequence of events, the UNIFYBroker service failed to start.

1. Clearing the entities from a decent sized Connector and associated Adapter (~10,000 entities)

2. Deleting the Connector and Adapter

3. Restarting the the UNIFYBroker service

When failing to start the event log would show 2 errors (I know the second stack track looks like I've truncated it, but that is the full error I receive in the log):

Error - The following occurred in module: Identity Broker

The following occurred in the Error module during the Identity Broker cycle of the server: start

Service cannot be started. Unify.Framework.UnifyServiceStartException: The DELETE statement conflicted with the REFERENCE constraint "FK_Entity_ObjectClass". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Entity", column 'ObjectClassId'.

The statement has been terminated. ---> System.Data.SqlClient.SqlException: The DELETE statement conflicted with the REFERENCE constraint "FK_Entity_ObjectClass". The conflict occurred in database "Unify.IdentityBroker", table "dbo.Entity", column 'ObjectClassId'.

The statement has been terminated.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)

at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Bo...

0
Answered

Register Contributions where the contributing attribute is from a joining connector?

David Poyner 6 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 weeks ago 3

Is it possible to call register-contribution in an adaptor PowerShell schema, where the source field is not from the base connector, but a joining connector?

I have been working on fixing the Register-contribution functions in a customer environment, however some of the values that are imported and are eventually used for time offset flag calculations, are coming from a non-base connector using the "Join on" transformation.

When I test using an imported change from the base connector, the changes are schedule for the correct time. When I test using an imported change a joining connector, my test fails (the imported change flows to the adaptor but does not appear to register the future change). This leads me to the conclusion that maybe an imported change from joining connector does not register future changes.

Is this correct? Is there a solution given termination/end dates required for some of the calculations, are not currently available on the base connector? 

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

A patch for 5.3 is available on request.

0
Answered

PowerShell group connector returning null for dn attribute

Hayden Gray 7 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 7 months ago 2

Version v5.3.2 Revision #0

I have a PowerShell connector that queries and database to build groups including their memberships. But when importing it returns the following error. The connector does not have an associated adapter.

I have another connector that uses the same script that works just fine, which would indicate a data issue however, there are no obvious fields that are null.

Connector Processor Connector processing failed.
Connector Processing page 1 for connector Test Group Errors failed with reason Value cannot be null.
Parameter name: dn. Duration: 00:00:18.4144781.
Error details:
System.ArgumentNullException: Value cannot be null.
Parameter name: dn
at Unify.Framework.IO.DistinguishedName.op_Implicit(DistinguishedName dn)
at Unify.Product.IdentityBroker.Repository.EntityDistinguishedNameValueDataUtility`1.ConvertValueToString(DistinguishedNameValue value)
at Unify.Product.IdentityBroker.Repository.StringBasedValueDataUtilityBase`2.SetEntityValue(__EntityValueInsertRow dataValue, TValue value)
at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass33_0.b__0(KeyValuePair`2 entityValueAndKey)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input)
at Unify.Product.IdentityBroker.ConnectorEntityChangeProcessor.ProcessEntities(IEnumerable`1 connectorEntities, IEnumerable`1 repositoryEntities, IEntityChangesReportGenerator`2 reportGenerator)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_1.b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()



Change detection engine Change detection engine import all items failed.
Change detection engine import all items for connector Test Group Errors failed with reason An error occurred while evaluating a task on a worker thread. See the inner exception details for information.. Duration: 00:00:49.7519745
Error details:
Unify.Framework.EvaluatorVisitorException: An error occurred while evaluating a task on a worker thread. See the inner exception details for information. ---> System.ArgumentNullException: Value cannot be null.
Parameter name: dn
at Unify.Framework.IO.DistinguishedName.op_Implicit(DistinguishedName dn)
at Unify.Product.IdentityBroker.Repository.EntityDistinguishedNameValueDataUtility`1.ConvertValueToString(DistinguishedNameValue value)
at Unify.Product.IdentityBroker.Repository.StringBasedValueDataUtilityBase`2.SetEntityValue(__EntityValueInsertRow dataValue, TValue value)
at Unify.Product.IdentityBroker.Repository.EntitySingleValueDataUtilityBase`2.CreateEntityValue(TEntityKey key, IValue value, IEntityCollectionKeyUtility`1 collectionKeyUtility, EntityDataSet set, __EntityInsertRow row, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.ConvertEntityValueToDataValue(KeyValuePair`2 entityValueAndKey, __EntityInsertRow row, EntityDataSet entityDataSet, EntityDataContext sourceContext)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.<>c__DisplayClass33_0.b__0(KeyValuePair`2 entityValueAndKey)
at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at System.Linq.Enumerable.d__17`2.MoveNext()
at Unify.Framework.Visitor.Visit[T](IEnumerable`1 visitCollection, Action`2 visitor)
at Unify.Product.IdentityBroker.Repository.KnownEntityContextBase`4.InsertItems(ISet`1 addedItems, EntityDataContext sourceContext, SqlConnection connection)
at Unify.Framework.Data.LinqContextConversionBase`4.SubmitChanges()
at Unify.Product.IdentityBroker.SaveChangedEntitiesTransformationUnit.Transform(IDictionaryTwoPassDifferenceReport`4 input)
at Unify.Product.IdentityBroker.ConnectorEntityChangeProcessor.ProcessEntities(IEnumerable`1 connectorEntities, IEnumerable`1 repositoryEntities, IEntityChangesReportGenerator`2 reportGenerator)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetectionOnConnectorEntityPage(IEnumerable`1 connectorEntities, Int32& index, Int32 entitiesProcessedSoFar, IEntityChangesReportGenerator`2 reportGenerator, IHashSet`1 seenKeys)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.<>c__DisplayClass11_1.b__0(IEnumerable`1 page)
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.ThreadsafeItemEvaluator.Evaluate()
--- End of inner exception stack trace ---
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.CheckForException()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.WaitForCompletedThreads()
at Unify.Framework.Visitor.ThreadsafeVisitorEvaluator`1.Visit()
at Unify.Framework.Visitor.VisitEvaluateOnThreadPool[T](IEnumerable`1 visitCollection, Action`2 visitor, Int32 maxThreads)
at Unify.Product.IdentityBroker.RepositoryChangeDetectionWorkerBase.PerformChangeDetection(IEnumerable`1 connectorEntities)
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess()
at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase()
at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run()
at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.b__0()
at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)

Answer

Thanks for the update Hayden. I was just about to respond - it seems like there was a 'not-quite-null' value trying to be parsed into a DN field, which then when Broker was trying to store it in the entity context couldn't grab a valid string value to actually store. Some types in Broker, including the DN type, will treat an empty value differently to a null value - so if anything other than null is seen, it will attempt to convert (and in this case, fail). 

0
Not a bug

Reflect change entities to adapter errors about duplicate entries when there are are no duplicate key values in the connector.

Hayden Gray 7 months ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 weeks ago 2

I've been having issues on particular PowerShell connectors/adapters in UNIFYBroker where reflecting change entities to the adapter is complaining about duplicate entries when there are are no duplicate key values in the connector.

The schema setup between the connectors and adapters is an ID key in the connector that is then used within the adapter as the DN. So it is a very simple DN template. E.g:
Name Type Key Read-only Required
AccountName String True True True

Distinguished Name Template CN=[AccountName]

The issues are generally fixed by clearing and repopulating the whole adapter, which is not a repeatable solution since it happens on a weekly basis, sometimes more often.

These errors also don't seem to happen after an obvious failures on the connector side, which is what I have previously attributed these issues to. All these connectors have deletion thresholds setup of at least 50%.

Its like broker seems to get itself tied up even though the schedules in the environment have been reduced to the point where only 1 operation is interacting within and with broker at a time.

SQL maintenance is also performed frequently and the SQL instance has plenty of resources allocated.

Version details: v5.3.2 Revision #0

Any help would be appreciated as this has been a long ongoing issue that I've seen across multiple environments.

Adapter
Adapter eb42757f-2f23-4228-928e-993942b0c050 page errored on page reflection. Duration: 00:00:21.5551444. Error: Unify.Framework.UnifyDataException: Duplicate DNs detected on adapter eb42757f-2f23-4228-928e-993942b0c050. Reflection failed. Duplicate DNs: CN=<obfuscated name>,OU=sIAMGroups,DC=IdentityBroker, CN=<obfuscated name 2>,OU=sIAMGroups,DC=IdentityBroker.
at Unify.Product.IdentityBroker.DuplicateDnDetector.DetectDuplicateDns(IDictionaryTwoPassDifferenceReport`4 report)
at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.b__9_0(IOperationalAdapter adapter).
Error details:
Unify.Framework.UnifyDataException: Duplicate DNs detected on adapter eb42757f-2f23-4228-928e-993942b0c050. Reflection failed. Duplicate DNs: CN=<obfuscated name>,OU=sIAMGroups,DC=IdentityBroker, CN=<obfuscated name 2>,OU=sIAMGroups,DC=IdentityBroker.
at Unify.Product.IdentityBroker.DuplicateDnDetector.DetectDuplicateDns(IDictionaryTwoPassDifferenceReport`4 report)
at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.b__9_0(IOperationalAdapter adapter)


Adapter Request to reflect change entities of the adapter.
Request to reflect change entities of the eMinerva Student: Groups (eb42757f-2f23-4228-928e-993942b0c050) adapter errored with message: Duplicate DNs detected on adapter eb42757f-2f23-4228-928e-993942b0c050. Reflection failed. Duplicate DNs: CN=<obfuscated name>,OU=sIAMGroups,DC=IdentityBroker, CN=<obfuscated name 2>,OU=sIAMGroups,DC=IdentityBroker.. Duration: 00:00:59.9516712
Error details:
Unify.Framework.UnifyDataException: Duplicate DNs detected on adapter eb42757f-2f23-4228-928e-993942b0c050. Reflection failed. Duplicate DNs: CN=<obfuscated name>,OU=sIAMGroups,DC=IdentityBroker, CN=<obfuscated name 2>,OU=sIAMGroups,DC=IdentityBroker.
at Unify.Product.IdentityBroker.DuplicateDnDetector.DetectDuplicateDns(IDictionaryTwoPassDifferenceReport`4 report)
at Unify.Product.IdentityBroker.Adapter.ReflectChangesInner()
at Unify.Product.IdentityBroker.Adapter.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterAuditingDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.AdapterNotifierDecorator.ReflectChanges()
at Unify.Product.IdentityBroker.ReflectAdapterOnChangeDueJob.b__9_0(IOperationalAdapter adapter)

Answer

Closed as no further information provided.

0
Fixed

Jobs Stuck Processing

Liam Schulz 1 year ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 weeks ago 2

Hi,

We have observed jobs such as Connector imports and Link synchronization will occassionally get stuck in a processing loop and not complete. This causes a block in operations as Broker cannot import or synchronize new data. To clear the process a restart has to be performed. Attempting to cancel the job does not have any impact.

This happens intermittently and doesn't appear to have a consistent way of reproducing the issue. I understand this makes it difficult to troubleshoot the issue, so is there other possibilities for a solution we could explore? For example, could there be a timeout introduced so that the job is killed if it runs over a period of time without closing?

Let me know your thoughts and feedback.

Thanks,
Liam

Answer

This has been resolved and is available in the release of UNIFYConnect V6, which will be made available shortly.

Powershell tasks can now have a timeout applied to them, which will force the cancellation of any running scripts after a given timeout which can ensure the scripts actually exit rather than getting stuck.

0
Answered

Link Synchronization not triggering

Hayden Gray 1 year ago in UNIFYBroker Service updated by Matthew Davis (Technical Product Manager) 4 weeks ago 2

In UNIFYConnect test environment when attempting to perform a baseline synchronisation or delta changes synchronisation, the buttons seemingly do nothing when attempting to trigger on the link. The link is between a CSV connector/adapter and a locker with about ~10k entities. Nothing else is currently running, all other link schedules are disabled and no connectors are importing, nor are any change reflect options are running. 

When I click a button to sync the page refreshes like it has executed but nothing else happens. Nothing appears under the "Recent Jobs" section of the link page and it logs 2 messages in the log:

23/Jan/2024 23:29:28
Information
Link Request to manually queue a baseline synchronization job on link started.
Request to manually queue a baseline synchronization job on link Managed User > AD User started.
23/Jan/2024 23:29:28
Information
Link Request to manually queue a baseline synchronization job on link completed.
Request to manually queue a baseline synchronization job on link 'Managed User > AD User' completed. Duration: 00:00:00.0310830

Is there a way I can see what is stopping the sync operation from executing? Let me know if you need more information.

Thank you

Answer

This has been implemented and is available in the release of UNIFYConnect V6, which will be made available shortly.

Messages are shown for both sync prep and sync execution, and the preparation task now performs significantly better so shouldn't sit for as long.